French carmakers, Russian banks and German railways all hit as massive cyberattacks wreak global havoc

"Ransomware" virus hits public and private
organisations across the globe.

Renault halts production in car factories to prevent
spread of virus.

UK's national health service is crippled.

Public transport is affected in Germany.

The Russian central bank has been hit.

LONDON — Cyber security experts struggled to restore systems
on Saturday after an unprecedented global wave of cyberattacks
struck targets ranging from Russia's banks to
British hospitals and a French carmaker's factories.

French carmaker Renault was forced to stop production at sites in
France and Slovenia, saying the measure was aimed at stopping the
virus from spreading.

In the United States, package delivery group FedEx acknowledged
it had been hit by malware and said it was "implementing
remediation steps as quickly as possible."

Russia's interior ministry said that some of its computers had
been hit by a "virus attack" and that efforts were underway to
destroy it.

The country's central bank said the banking system was hit, and
the railway system also reported attempted breaches.

The central bank's IT attack monitoring centre "detected mass
distribution of harmful software" but no "instances of
compromise", it said.

Russia's largest bank Sberbank said its systems "detected in time
attempts to penetrate bank infrastructure".

Germany's Deutsche Bahn computers were also impacted, with the
rail operator reporting that station display panels were
affected.

The hunt was on for the culprits behind the assault, which was
being described as the biggest cyber ransom attack ever.

State agencies and major companies around the world were left
reeling by the attacks which blocked access to files and demanded
ransom money, forcing them to shut down their computer systems.

"The recent attack is at an unprecedented level and will require
a complex international investigation to identify the culprits,"
said Europol, Europe's policing agency.

The attacks, which experts said affected dozens of countries,
used a technique known as ransomware that locks users' files
unless they pay the attackers a designated sum in the virtual
Bitcoin currency.

Mikko Hypponen, chief research officer at the Helsinki-based
cyber security company F-Secure, told AFP that the attack was
"the biggest ransomware outbreak in history", saying that 130,000
systems in more than 100 countries had been affected.

He said that Russia and India were hit particularly hard, in
large part because the older Windows XP operating software is
still widely used in the countries.

The attacks apparently exploited a flaw exposed in documents
leaked from the US National Security Agency (NSA).

Self-replicating 'worm'

In a statement, computer security group Kaspersky Labs said it
was "trying to determine whether it is possible to decrypt data
locked in the attack -- with the aim of developing a decryption
tool as soon as possible."

On Saturday, a cyber security researcher told AFP he had
accidentally discovered a "kill switch" that could prevent the
spread of the ransomware.

The researcher, tweeting as @MalwareTechBlog, said that the
discovery was accidental, but that registering a domain name used
by the malware stops it from spreading. Computers already
affected will not be helped by the solution.

But @MalwareTechBlog warned that the "crisis isn't over" as those
behind it "can always change the code and try again".

The malware's name is WCry, but analysts were also using variants
such as WannaCry.

Message to users: 'Oops'

Twitter

Britain's National Cyber Security Centre and its National Crime
Agency were looking into the UK incidents, which disrupted care
at National Health Service facilities, forcing ambulances to
divert and hospitals to postpone operations.

It demands payment in three days or the price is doubled, and if
none is received in seven days the files will be deleted,
according to the screen message.

"Ransomware becomes particularly nasty when it infects
institutions like hospitals, where it can put people's lives in
danger," said Kroustek, the Avast analyst.

A hacking group called Shadow Brokers released the malware in
April claiming to have discovered the flaw from the NSA,
Kaspersky said.

Although Microsoft released a security patch for the flaw
earlier this year, many systems have yet to be updated,
researchers said.

"Unlike most other attacks, this malware is spreading primarily
by direct infection from machine to machine on local networks,
rather than purely by email," said Lance Cottrell, chief
scientist at the US technology group Ntrepid.

Some said the attacks highlighted the need for agencies like the
NSA to disclose security flaws so they can be patched.

G7 finance ministers meeting in Italy discussed the attacks and
were expected to commit to stepping up international cooperation
against a growing threat to their economies.